<?php
    include_once "classes/User.php";
    session_start();
    include_once "session.php";
    if (!isLoggedIn()) {
        exit();
    }
    
    if (!isset($_GET["form"]) || !isset($_GET["field"]) || !isset($_GET["data"])) {
        exit();
    }
    
    $form = $_GET["form"];
    $data = $_GET["data"];
    $field = $_GET["field"];
    include_once "db/db_cse305.php";
    
    
    if ($_SESSION['User']->UserType == "Customer") {
        exit(); //Customers should have no need for this.
    } else {
        if ($form == "new_user") {
            if ($field == "user_name") {
                if (strlen($data) < 5 || strlen($data) > 20) {
                    echo -1; exit();
                } else {
                    $query = sprintf("SELECT * FROM users WHERE UserName = '%s'", mysql_real_escape_string($data));
                    $result = mysql_query($query) or die(mysql_error());
                    if (mysql_num_rows($result) > 0) {
                        echo "That username has already been taken!"; exit();
                    } else {
                        echo 1; exit();
                    }
                }
            } else if ($field == "id") {
                if (is_numeric($data) && $data >= 1 && $data <= 999999999) {
                    $query = sprintf("SELECT * FROM users WHERE UserId = '%d'", mysql_real_escape_string($data));
                    $result = mysql_query($query) or die(mysql_error());
                    if (mysql_num_rows($result) > 0) {
                        echo "That ID has already been taken!"; exit();
                    } else {
                        echo 1; exit();
                    }
                } else {
                    echo -1;exit();
                }
            }
        }
    }
    echo 0;
    
?>
